Claims 



1. (Currently Amended) A method for use by a server coupled to one or more 
client devices in a distributed computing environment, the method comprising: 

hosting a set of resources; 

receiving a request for a client user to perform an operation on a resource of the 
resources, the request being received by an application hosted by the server and the 
operation being associated with modification of content or functionality of the resource; 
[[and]] 

determining whether to authorize the operation as a function of whether the client 
user has been delegated administrative authority by a server administrator to perform 
the operation with respect to the resource, the administrative authority being 
independent of whether the client user is a member of an administrators group 
associated with any resource of the server[[.]]; and 

building an output array and logging the output array to a log file when the 
request is authorized. 

2. (Previously Presented) A method as recited in claim 1, wherein the 
determining whether to authorize the operation is performed by a secure delegation 
administration framework. 

3. (Canceled) 

4. (Original) A method as recited in claim 1, wherein the resource is 
represented as an Internet Information Service (IIS) metabase node. 

5. (Previously Presented) A method as recited in claim 1, wherein the 
request comprises a scope associated with the client user, and a name of a method 
associated with the operation. 

6. (Previously Presented) A method as recited in claim 1, wherein the 
resource is a Web site hosted by an Internet Service Provider (ISP), and wherein the 
client user is not authorized to perform administrative activities on any resources 
associated with the ISP except by sending the request to the ISP for permission 
evaluation by the secure delegation administration framework. 

7. (Previously Presented) A method as recited in claim 1, wherein the 
request further comprises an indication of whether the client user desires to execute the 
operation via a dynamically built command line or via an executable object already 
associated with the operation. 

8. (Previously Presented) A method as recited in claim 1, wherein the 
request further comprises an indication of whether the client user desires to log a result 
of the operation. 

9. (Previously Presented) A method as recited in claim 1, wherein the secure 
delegation administration framework is secure at least because it does not allow the 
client user access to a mapping of user role-based permission to perform the operation 
directed to the resource. 

10. (Previously Presented) A method as recited in claim 1, wherein the 
method further comprises: 

installing the application on the server; 

identifying a set of operations that the application can perform; 

mapping the operations to a set of security permissions based on authorization 
specific role(s) of a set of users comprising the client user; and 

wherein determining further comprises the application utilizing the mapping to 
identify whether the client user has permission to perform the operation. 

11. (Previously Presented) A method as recited in claim 1, wherein the 
method further comprises: 

specifying role-based user access permissions to nodes of an Internet 
Information Services (IIS) metabase identifying the resources; 

indicating an interface to a task, the interface comprising a set of parameters and 
a name, the task comprising the operation; and 

wherein determining further comprises: 

locating the interface in a configuration file; 

responsive to locating the interface, presenting an identity of the client user to the 
resource to evaluate a scope in view of the parameters and the name and the resource; 
and 

responsive to the presenting, identifying whether the client user has been 
delegated a role-based access permission to perform the operation with respect to the 
resource. 

12. (Previously Presented) A method as recited in claim 1, wherein responsive 
to determining that the client user has been delegated authority to perform the operation 
with respect to the resource, the method further comprises: 

setting parameters associated with the operation; and 

executing the operation within a scope associated with the client user. 

13. (Currently Amended) A computer-readable medium for use in a distributed 
computing environment including a server and one or more client computing devices 
coupled to the server, the computer-readable medium comprising computer-executable 
instructions that, when executed, cause one or more processors to perform acts 
including: 

hosting a set of resources, a particular resource of the resources allowing a client 
user to determine whether the client user has delegated authority to access a resource 
of the resources; 

receiving a request from the client user to perform an operation on the resource, 
the operation being associated with modification of content or functionality of the 
resource; [[and]] 

determining whether to authorize the operation as a function of whether the client 
user has been delegated a role-based scope of authority by a server administrator to 
perform the operation, the role-based scope of authority not requiring the client user to 
be a member of an administrators group associated with any resources of the server[[.]]; 
and 

building an output array and logging the output array to a log file when the 
request is authorized. 

14. (Canceled) 

15. (Original) A computer-readable medium as recited in claim 13, wherein the 
resource is represented as an Internet Information Service (IIS) metabase node. 

16. (Previously Presented) A computer-readable medium as recited in claim 
13, wherein the request comprises a scope associated with the client user, and a name 
of a method associated with the operation. 

17. (Previously Presented) A computer-readable medium as recited in claim 
13, wherein the resource is a Web site hosted by an Internet Service Provider (ISP), 
and wherein the client user is not a member of the administrators group. 

18. (Original) A computer-readable medium as recited in claim 13, wherein the 
request further comprises an indication of whether the operation is to be executed via a 
dynamically built command line or via an executable object already associated with the 
operation. 



19. (Previously Presented) A computer-readable medium as recited in claim 
13, wherein operations associated with determining whether to authorize the operations 
are secure at least because the client user does not have access to user role-based 
permission(s) to perform the operation. 

20. (Previously Presented) A computer-readable medium as recited in claim 
13, wherein the computer-executable instructions comprise instructions that cause the 
one or more processors to perform acts further including: 

identifying a set of operations associated with the resource; 

mapping the operations to a set of security permissions, the security permissions 
being based on authorization specific role(s) of a set of users comprising the client user; 
and 

wherein the instructions for determining further comprise instructions for utilizing 
the mapping to identify whether the client user has permission to perform the operation. 

21. (Previously Presented) A computer-readable medium as recited in claim 
13, wherein the computer-executable instructions comprise instructions that cause the 
one or more processors to perform acts further including: 

securely specifying role-based user access permissions to nodes of an Internet 
Information Services (IIS) metabase identifying the resources; 

Serial No.: 10/650,891 

Atty Docket No.: msi -i684us 

Atty/Agent: Brett J. Schlameus 

indicating an interface to a task, the interface comprising a set of parameters and 
a name, the task comprising the operation; and 

wherein the computer-executable instructions for determining further comprise 
instructions for: 

locating the interface in a configuration file; 

responsive to locating the interface, presenting an identity of the client user to the 
resource to evaluate a scope in view of the parameters and the name and the resource; 
and 

responsive to the presenting, identifying whether the client user has been 
delegated a role-based access permission to perform the operation with respect to the 
resource. 

22. (Previously Presented) A computer-readable medium as recited in claim 
13, wherein the computer-executable instructions, responsive to determining that the 
client user has been delegated authority to perform the operation with respect to the 
resource, comprise instructions that cause the one or more processors to perform acts 
further including: 

setting parameters associated with the operation; and 

executing the operation within a scope associated with the client user. 

23. (Currently Amended) A server for use in a distributed computing 
environment including the server and one or more client computing devices coupled to 
the server, the server comprising: 

one or more processors; and 

a memory coupled to the one or more processors, the memory comprising 
computer-executable instructions that cause the one or more processors to perform 
acts including: 

hosting a set of resources; 

receiving a request from a client user to perform an operation on a resource of 
the resources, the resource of the resources being associated with modification of 
content or functionality of the resource of the resources; [[and]] 

determining whether to authorize the operation as a function of whether the client 
user has been delegated a role-based scope of authority by a server administrator to 
perform the operation, the role-based scope of authority not requiring the client user to 
be a member of an administrators group associated with resources of the server[[.]]; 
and 

building an output array and logging the output array to a log file when the 
request is authorized. 

24. (Original) A server as recited in claim 23, wherein the request is generated 
by at least one resource of the resources. 

25. (Canceled) 

26. (Original) A server as recited in claim 23, wherein the resource is 
represented as an Internet Information Service (IIS) metabase node. 

27. (Previously Presented) A server as recited in claim 23, wherein the 
request comprises a scope associated with the client user, a name of a method 
associated with the operation. 

28. (Previously Presented) A server as recited in claim 23, wherein the 
resource is a Web site hosted by an Internet Service Provider (ISP), and wherein the 
client user is not a member of the administrators group. 

29. (Original) A server as recited in claim 23, wherein the request further 
comprises an indication of whether the operation is to be executed via a dynamically 
built command line or via an executable object already associated with the operation. 

30. (Previously Presented) A server as recited in claim 23, wherein the secure 
delegation administration framework is secure at least because it does not allow the 
client user access to a mapping of user role-based permission to perform the operation 
directed to the resource. 

31. (Previously Presented) A server as recited in claim 23, wherein the 
computer-executable instructions comprise instructions that cause the one or more 
processors to perform acts further including: 

identifying a set of operations associated with the resource; 

mapping the operations to a set of security permissions based on authorization 
specific role(s) of a set of users comprising the client user; and 

wherein the instructions for determining further comprise instructions for utilizing 
the mapping to identify whether the client user has permission to perform the operation. 

32. (Previously Presented) A server as recited in claim 23, wherein the 
computer-executable instructions comprise instructions that cause the one or more 
processors to perform acts further including: 

securely specifying role-based user access permissions to nodes of an Internet 
Information Services (IIS) metabase, the nodes identifying the resources; 

indicating an interface to a task, the interface comprising a set of parameters and 
a name, the task comprising the operation; and 

wherein the computer-executable instructions for determining further comprise 
instructions for: 

locating the interface in a configuration file; 

responsive to locating the interface, presenting an identity of the client user to the 
resource to evaluate a scope in view of the parameters and the name and the resource; 
and 

responsive to the presenting, identifying whether the client user has been 
delegated a role-based access permission to perform the operation with respect to the 
resource. 

33. (Previously Presented) A server as recited in claim 23, wherein the 
computer-executable instructions, responsive to determining that the client user has 
been delegated authority to perform the operation with respect to the resource, 
comprise instructions that cause the one or more processors to perform acts further 
including: 

setting parameters associated with the operation; and 

executing the operation within a scope associated with the client user. 

34. (Currently Amended) A server, comprising: 

means for hosting a set of resources; 

means for receiving a request from a client user to perform an operation on a 
resource of the resources, the operation being associated with modification of content 
or functionality of the resource; [[and]] 

means for determining whether to authorize the operation as a function of 
whether the client user has been delegated a role-based scope of authority by a server 
administrator to perform the operation, the role-based scope of authority not requiring 
the client user to be a member of an administrators group associated with the server[[.]]; 
and 

means for building an output array and logging the output array to a log file when 
the request is authorized. 

35. (Canceled) 

36. (Original) A server as recited in claim 34, wherein the resource is an 
Internet Information Service (IIS) metabase node. 

37. (Previously Presented) A server as recited in claim 34, wherein the 
resource is a Web site hosted by an Internet Service Provider (ISP), and wherein the 
client user is not a member of the administrators group. 

38. (Previously Presented) A server as recited in claim 34, wherein responsive 
to determining that the client user has been delegated authority to perform the operation 
with respect to the resource, the server further comprises: 

means for setting parameters associated with the operation; and 

means for executing the operation within a scope associated with the client user. 